like query parametrisation is supported by everything, database user can be read only
additionally if you want to go hard, then you can always compare ASTs generated query from user with query that's exposed by that endpoint
Why SQL Injection is still a thing?
like query parametrisation is supported by everything, database user can be read only
additionally if you want to go hard, then you can always compare ASTs generated query from user with query that's exposed by that endpoint
Why SQL Injection is still a thing?